Looking for a way to find bugs and vulnerabilities in your Internet-related infrastructure as quickly as possible, at the lowest possible cost? Bug bounty programs may well be a valuable solution your information security team should embrace.

Bug bounty programs leverage the available time of highly talented, non-employee security researchers to identify and responsibly inform you of information security issues they find on your terms.

While the original "Bugs Bounty" program was created back in 1995 by a technical support engineer at Netscape Communications Corporation, the concept more recently gained attention from information security executives and professionals.

In this first of two podcasts on bug bounty programs, Caleb Queern, a security services-focused member of KPMG’s Advisory group, sat down with Stan Lepeak to discuss: